Microsoft Azure API Management service was discovered to be impacted by three security flaws, including two server-side request forgery bugs and one file upload traversal vulnerability in its developer portal, all of which have already been addressed by Microsoft, The Hacker News reports.
Three vulnerabilities in the platform's API Management Service could allow attackers to access sensitive data, mount further attacks, and even hijack developer portals.
The bug, reported to Microsoft on Oct. 26 and remediated Dec. 6, is the result of manipulating a series of misconfigurations and security bypasses in Kudu, a back-end source control management (SCM) tool that helps manage and modify web applications and is used by major Microsoft cloud services like Azure Functions, Azure App Service and Azure Logic Apps.